Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined
as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Pop-under adverts are essentially the same as Popups, expect, as the name suggests, they hide behind the main browser window until the user manually closes them. This particular attack, carried out through the PopAds advertising network, uses the Magnitude Exploit Kit to install CryptoWall on vulnerable machines running out of date versions of Adobe Flash.

Malvertising

It is important to note that the websites displaying the malicious adverts are not themselves infected, but attackers have instead been able to upload dodgy creatives to the network serving up advertising.

The attack appears to be targeting European users, with 14.3 percent of infections taking place in Spain and 11.4 percent in each of France, Netherlands and Poland. The UK does not appear to have been significantly affected.

Malwarebytes says it has informed PopAds in the hope it can shut down the campaign, but until then, it recommends users keep web plugins updated or even consider uninstalling Flash altogether.

PopAds told TechWeekEurope it had been notified of the campaign and had since blocked several accounts.

Many malvertising attacks have focused on adult websites, but experts do not believe pornographic destinations are any more dangerous than other, more trusted brands.

“There’s this idea that adult sites are more dangerous to visit than “regular” sites,” Segura told TechWeekEurope last year. “I don’t believe it’s entirely true especially for the top sites because they do dedicate a lot of resources to fighting fraud and malware. Based on what we have seen in the past months as far as malvertising goes, we have seen just as many top mainstream publishers as pornographic ones.”